Restricting BT downloads
My test environment:
NS25A
OS: 5.2r2.0
I get an error whenever I use a statement like the following:
set attack "CS:BT-TRACK:1" http-url-variable-parsed ".*\[attachmentid\].*" severity info
In the statement above, ".*\[attachmentid\].*" cannot be used; the command only runs if I enter just attachmentid, like this:
set attack "CS:BT-TRACK:1" http-url-variable-parsed attachmentid severity info
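Only by running the command above was the element created successfully.
I have a few questions:
1. Does an element created with a command like this still work?
2. I also added a from trust to untrust any any policy after all the other policies. Does adding it affect the test results?
3. After configuring everything successfully, I tried a BT download and found that it still works. Is the definition not strict enough, or did it simply have no effect at all?
Following a method recommended by a friend, I changed all of the commands. The modified configuration is as follows: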
set service "BitComet_Handshake" protocol tcp src-port 0-65535 dst-port 1025-65535
set service "http8080" protocol tcp src-port 0-65535 dst-port 8080-8080
set attack "CS:BT-TRACK:1" http-url-variable-parsed attachmentid severity info
set attack "CS:BT-TRACK:2" stream256 announce severity info
set attack "CS:BT-TRACK:3" http-url-parsed torrent severity info
set attack "CS:Bitcomet:HandShake" stream256 BitTorrent severity info
set attack group "CS:Bitcomet:Track"
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:2"
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:3"
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:1"
set attack group "CS:BitComet:HandShake"
set attack group "CS:BitComet:HandShake" add "CS:Bitcomet:HandShake"
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit log
set policy id 3 attack "CS:Bitcomet:Track" action close
set policy id 3
exit
set policy id 3
exit
set policy id 4 from "Trust" to "Untrust" "Any" "Any" "http8080" permit log
set policy id 4 application "HTTP"
set policy id 4 attack "CS:Bitcomet:Track" action close ip-action "notify" target "serv" timeout 60
set policy id 4
set di-severity info
exit
set policy id 4
exit
set policy id 5 from "Trust" to "Untrust" "Any" "Any" "BitComet_Handshake" permit log
set policy id 5 application "TALK"
set policy id 5 attack "CS:BitComet:HandShake" action close ip-action "notify" target "serv" timeout 60
set policy id 5
exit
set policy id 5
exit
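
To see what the four custom signatures in the configuration above would match, the following added example (not part of the original post, and not ScreenOS code) approximates their three contexts in Python over constructed payloads. It assumes plain substring matching, that http-url-parsed is the decoded request path, and that http-url-variable-parsed is the decoded query variables; the host names and payloads are made up for illustration.

```python
# Added example, not from the post. Assumptions: each pattern is a plain
# substring match; http-url-parsed is the decoded request path; and
# http-url-variable-parsed is the decoded query variables.
from urllib.parse import urlsplit, parse_qsl, unquote

# Context and pattern of each "set attack" line in the post.
SIGNATURES = {
    "CS:BT-TRACK:1": ("http-url-variable-parsed", "attachmentid"),
    "CS:BT-TRACK:2": ("stream256", "announce"),
    "CS:BT-TRACK:3": ("http-url-parsed", "torrent"),
    "CS:Bitcomet:HandShake": ("stream256", "BitTorrent"),
}

# Constructed client-to-server payloads (not captured traffic).
SAMPLES = {
    "forum_attachment": b"GET /attachment.php?attachmentid=1234 HTTP/1.1\r\nHost: bbs.example\r\n\r\n",
    "torrent_file": b"GET /files/sample.torrent HTTP/1.1\r\nHost: www.example\r\n\r\n",
    "tracker_announce": b"GET /announce?info_hash=%12%34%56&peer_id=-XX0001-abcdefghijkl"
                        b"&port=6881&left=1024&event=started HTTP/1.1\r\nHost: tracker.example\r\n\r\n",
    # Peer handshake: length byte 19, protocol string, 8 reserved bytes, info_hash, peer_id.
    "peer_handshake": b"\x13BitTorrent protocol" + bytes(8) + bytes(range(20)) + b"-XX0001-abcdefghijkl",
    "news_page": b"GET /news/announcements.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
    "plain_page": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
}

def contexts(payload: bytes) -> dict:
    """Derive the three inspection contexts from one client-to-server stream."""
    ctx = {"stream256": payload[:256].decode("latin-1"),  # first 256 bytes only
           "http-url-parsed": "", "http-url-variable-parsed": ""}
    parts = payload.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):  # looks like a request line
        url = urlsplit(parts[1])
        ctx["http-url-parsed"] = unquote(url.path)
        ctx["http-url-variable-parsed"] = " ".join(
            f"{k}={v}" for k, v in parse_qsl(url.query, keep_blank_values=True))
    return ctx

def matching_signatures(payload: bytes) -> list:
    """Return the names of the post's signatures whose pattern occurs in its context."""
    ctx = contexts(payload)
    return sorted(name for name, (context, pattern) in SIGNATURES.items()
                  if pattern in ctx[context])

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:18} {matching_signatures(payload)}")
```

The news_page sample shows that the short pattern announce also matches an ordinary page whose URL merely contains that word.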